United States Patent and Trademark Ofhce 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark OtBce 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED IXA-'EXTGR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/777,600 



02/12/2004 



33438 7590 04/21/2008 

HAMILTON & TERRILE, LLP 
P.O. BOX 203518 
AUSTIN, TX 78720 



Chandar Kamalanathan 



HAILU, TESHOME 



PAPER NUMBER 



NOTIFICATION DATE | DELIVERY MODE 
04/21/2008 ELECTRONIC 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the 

following e-mail address(es): 

docketingCnMiainiltontciTilc.coin 
seaton@haiiiilloiitcnilc.coiii 
tmunoz @ hamiltonterrile.com 



PTOL-90A (Rev. 04/07) 



KJttiVrXi nvrliyjts OUff Iff fcff Jr 


Application No. 

10/777,600 


Applicant(s) 

KAMALANATHAN ET AL. 


Examiner 
TESHOME HAILU 


Art Unit 

2139 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
eamed patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 12 February 2004 . 
2a )□ This action is FINAL. 2b)|3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Clalm(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) \Z\ Claim(s) is/are allowed. 

6) |EI Claim(s) 1-20 is/are rejected. 

7) n Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 1 2 February 2004 is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftspereon's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26'(Rev^'o8-0^^ 



Office Action Summary 



Part of Paper No./Mail Date 20080407 



Application/Control Number: 10/777,600 Page 2 

Art Unit: 2139 

DETAILED ACTION 

1. Claims 1-20 are pending. 

2. This office action is in reply to an amendment filed on February 14, 2008. Claims 1-20 have been 

amended. 



Response to Amendment 

3. Applicant's arguments with respect to claims 1-20 have been considered but are moot in view of 
the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

A piilciU may not be obtained though the invention is not identically disclosed or described as sel Ibrlh in seclion 
102 of this title, if the differences between the subject matter souglit to be patented and the prior arl are snch thai the 
subject matter as a whole would have been obvious at the time the invention was made to a person having ordmary skill 
in the art to which said subject matter pertains. PatentabUity shall not be negatived by the manner in which the 
invention was made. 

5. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Howard et al 
(Howard), US Pub. No. 2002/0069365, in view of Billharz, US Pub. No. 2004/0250130. 

As per claim 1 , Howard discloses: 

Systems for secure Hypertext IVIarkup Language (HTML) linl<s, (page 6, paragraph 67, if the client 
computer is running the limited-use browser/module, the server system generates a secure HTIVIL). 

A protocol encryption tool operable to associate encrypted protocols with HTML links, (page 7, 
paragraph 73, the client system receives the requested content from the server system as either 
encrypted HTML content or secured document package). 
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Each protocol associated with a restricted browser function; (page 6, paragraph 67, the server 
system generates a secure HTIVIL page corresponding to the requested content and sends the page to 
the client system). 

An editor operable to publish an HTML link and associated encrypted protocol in a web page 
(page 1, paragraph 15, a limited-use web browser and related security system allows providers of text 
and images or other content to publish content on a local-area network (LAN) or wide-area network 
(WAN), such as world wide web (web) and the Internet). Where HTML is one way of creating a web page, 
"publish the content" inherently including "an editor operable to publish". 

A browser operable to display the web page and HTML link (page 1-2, paragraph 15, reads and 
displays any viewable web content including text, images, and streaming audio and video). 

The browser having one or more restricted function, (page 6, paragraph 62, a secure document 
package is composed of a document manager and one or more web pages). Where the web pages can 
be a restricted function. 

Each restricted function requiring at least selection of an HTML link (page 6, paragraph 67, the 
server system generates a secure HTML page corresponding to the requested content and sends the 
page to the client system). 

A function confirmation before the browser executes the function (page 4, paragraph 42, when 
the user request 313 is received by the server computer 301, the server component 302 determines if a 
client key is associated with the request. If the key 314 in not present, the request is immediately 
rejected). 

A protocol decryption engine interfaced with the browser, the protocol decryption engine operable 
to decrypt the encrypted protocol associated with the html link and authorize execution of the associated 
restricted browser function without the function confirmation. (Page 4, paragraph 45, "When a document 
is secured using the common security model, the server component 302 encrypts the document prior to 
downloading it, and the limited user browser 312 decrypts the data for viewing only.") 

Howard does not explicitly disclose, the confirmation function. However, on the same field of 
endeavor, Billharz teach this limitation as, (page 7-8, paragraph 85, one minute before expiration of time. 
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users are prompted to confirm to continue tlie session, witli a popup "Yes/No" window. Tiiis window 
appears in the foreground of all other windows, and remains up for a predetermined amount of time, e.g., 
one minute. The notification text may be as follows: "Your Remote User Portal session is about to expire 
due to inactivity. Do you want to continue using the site?" If the user does not respond after one minute, 
the popup will disappear and the user will be automatically signed out. If the user selects No, the user will 
be signed out. If the user selects Yes, the timer is reset to its internal or external limit appropriately). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time of the 
invention was made, to modify the teaching of Howard and include the confirmation function using the 
teaching of Billharz. The modification would be obvious because one of ordinary skill in the art would be 
motivated to add the confirmation function for the purpose of informing the user about the status of the 
web page and to allow the user to proceed after confirming the message received from the system. 

As per claim 2, Howard in view of Billharz discloses: 

The restricted browser function comprises a command to execute a binary. (Page 9, paragraph 
96, a delivery object 701 which is the DLL binary for the document manager). i\/1oreover, 
(page 4, paragraph 36, the file management system is typically stored in the mass memory 215 and 
cause the processor 205 to execute the various steps required by the operating system). 

As per claim 3, Howard in view of Billharz discloses: 

The restricted browser function comprises a command to save a binary. (Page 9, paragraph 96, a 
delivery object 701 which is the DLL binary for the document manager). Moreover 
(page 4, paragraph 36, the file management system is typically stored in the mass memory 215 and 
cause the processor 205 to execute the various steps required by the operating system to input and 
output data and to store data in memory, including storing files on the mass memory 215). Where saving 
a file means storing a file. 



As per claim 4, Howard in view of Billharz discloses: 
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The restricted browser function comprises a command to execute a script. (Page 2, paragraph 
28, any format that can be displayed via the internet, such as web graphic, common gateway interface 
(CGI) scripts, JAVA scripts). Where displaying a script means executing a script. 

As per claim 5, Howard in view of Billharz discloses: 

The restricted browser function comprises a command to save a script. (Page 4, paragraph 36, 
the file management system is typically stored in the mass memory 215 and cause the processor 205 to 
execute the various steps required by the operating system to input and output data and to store data in 
memory, including storing files on the mass memory 215). 

As per claim 6, Howard in view of Billharz discloses: 

A protocol filter associated with the browser and operable to preprocess plural encrypted 
protocols upon retrieval of the web page by the browser. (Page 8, paragraph 86, the server security 
component filters web client authentication, and web server request and response events). Further 
Howard discloses (Page 6, paragraph 68, each document to be protected under the common security 
model (block 425) is marked for later encryption with the system level encryption key (SLE)). 

As per claim 7, Howard in view of Billharz discloses: 

The protocol encryption tool comprises a private key for encryption of protocols. (Page 6, 
paragraph 68, each document to be protected under the common security model (block 425) is marked 
for later encryption with the system level encryption key (SLE)). 

As per claim 8, Howard in view of Billharz discloses: 

Protocol decryption engine comprises a public key. (Page 6, paragraph 62, to decrypt the 
package, it is necessary to know where to break up the individual pages before attempting the decrypt the 
file and even then encryption makes the content unusable to anyone but the owner of the machine with 
the client registered with the unique ULE key). 
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As per claim 9, Howard discloses: 

A method for secure HTML links, (page 6, paragraph 67, the server system generates a secure 

HTML). 

Encrypting a protocol associated with a restricted browser function; (page 7, paragraph 73, the 
client system receives the requested content from the server system as either encrypted HTML content or 
secured document package). Moreover, (page 6, paragraph 67, the server system generates a secure 
HTML page corresponding to the requested content and sends the page to the client system). 

Publishing the encrypted protocol in an HTML framework to associate with an HTML link that 
executes the restricted browser function; (page 1, paragraph 15, a limited-use web browser and related 
security system allows providers of text and images or other content to publish content on a local-area 
network (LAN) or wide-area network (WAN), such as world wide web (web) and the Internet), where 
HTML is one way of creating a web page. 

Displaying the HTML framework through a browser, (page 1-2, paragraph 15, reads and displays 
any viewable web content including text, images, and streaming audio and video). 

The browser restricting execution of restricted functions by requiting a distinct confirmation before 
execution of the restricted function; (page 4, paragraph 42, when the user request 313 is received by the 
server computer 301, the server component 302 determines if a client key is associated with the request. 
If the key 314 in not present, the request is immediately rejected). 

Decrypting the encrypted protocol at the browser; and authorizing execution of the restricted 
function without the distinct confirmation. (Page 4, paragraph 45, when a document is secured using the 
common security model, the server component 302 encrypts the document prior to downloading it, and 
the limited user browser 312 decrypts the data for viewing only). 

Howard does not explicitly discloses, the confirmation function. However, on the same field of 
endeavor, Billharz teach this limitation as, (page 7-8, paragraph 85, one minute before expiration of time, 
users are prompted to confirm to continue the session, with a popup "Yes/No" window. This window 
appears in the foreground of all other windows, and remains up for a predetermined amount of time, e.g., 
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one minute. The notification text may be as follows: "Your Remote User Portal session is about to expire 
due to inactivity. Do you want to continue using the site?" If the user does not respond after one minute, 
the popup will disappear and the user will be automatically signed out. If the user selects No, the user will 
be signed out. If the user selects Yes, the timer is rest to its internal or external limit appropriately). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time of the 
invention was made, to modify the teaching of Howard and include the confirmation function using the 
teaching of Billharz. The modification would be obvious because one of ordinary skill in the art would be 
motivated to add the confirmation function for the purpose of informing the user about the status of the 
web page and to allow the user to proceed after confirming the message received from the system. 

As per claim 10, Howard in view of Billharz discloses: 

Encrypting a protocol further comprises encrypting the protocol with a private key. (Page 6, 
paragraph 68, each document to be protected under the common security model (block 425) is marked 
for later encryption with the system level encryption key (SLE)). 

As per claim 1 1 , Howard in view of Billharz discloses: 

Decrypting the protocol further comprises decrypting the protocol with a public key. (Page 6, 
paragraph 62, to decrypt the package, it is necessary to know where to break up the individual pages 
before attempting the decrypt the file and even then encryption makes the content unusable to anyone 
but the owner of the machine with the client registered with the unique ULE key). 

As per claim 12, Howard in view of Billharz discloses: 

Authorizing execution of restricted function further comprises authorizing execution of a binary by 
the browser. (Page 9, paragraph 96, a delivery object 701 which is the DLL binary for the document 

manager"). Moreover (page 4, paragraph 36, the file management system is typically stored in the mass 
memory 215 and cause the processor 205 to execute the various steps required by the operating 
system). 
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As per claim 13, Howard in view of Billharz discloses: 

Authorizing execution of tlie restricted function furtiier comprises auttiorizing saving of a binary by 
the browser. (Page 9, paragraph 96, a delivery object 701 which is the DLL binary for the document 
manager"). Moreover (page 4, paragraph 36, the file management system is typically stored in the mass 
memory 215 and cause the processor 205 to execute the various steps required by the operating system 
to input and output data and to store data in memory, including storing files on the mass memory 215). 
Where saving a file means storing a file. 

As per claim 14, Howard in view of Billharz discloses: 

Authorizing execution of the restricted function further comprises authorizing execution of a script 
by the browser. (Page 2, paragraph 28, any format that can be displayed via the internet, such as web 
graphic, common gateway interface (CGI) scripts, JAVA scripts). Where displaying a script means 
executing a script. 

As per claim 15, Howard in view of Billharz discloses: 

Authorizing execution of the restricted function further comprises authorizing saving of a script by 
the browser. (Page 4, paragraph 36, the file management system is typically stored in the mass memory 
215 and cause the processor 205 to execute the various steps required by the operating system to input 
and output data and to store data in memory, including storing files on the mass memory 215). 

As per claim 16, Howard in view of Billharz discloses: 

Preprocessing of plural encrypted protocols substantially upon loading of the HTML framework to 
the browser. (Page 6, paragraph 68, each document to be protected under the common security model 
(block 425) is marked for later encryption with the system level encryption key (SLE)). 

As per claim 17, Howard in view of Billharz discloses: 
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The distinct confirmation comprises a window displayed upon user selection of an HTML link 
associated with a restricted function, the window requiring at least one addition input by the user before 

execution of the restricted function. (Page 1-2, paragraph 15, reads and displays any viewable web 
content including text, images, and streaming audio and video). 

As per claim 18, Howard discloses: 

An information handling system comprising: (page 1, paragraph 11, secure information 
distribution system). 

A browser operable to retrieve and display a HTML link associated with a restricted function, 
(page 7, paragraph 73, the client system receives the requested content from the server system as either 
encrypted HTML content or secured document package). 

The browser requiring a distinct confirmation of a selection of the HTML link before execution of 
the restricted function; (page 4, paragraph 42, when the user request 313 is received by the server 
computer 301, the server component 302 determines if a client key is associated with the request. If the 
key 314 in not present, the request is immediately rejected). 

An encrypted protocol associated with the HTML link; (page 6, paragraph 60, the HTML source 
code is encrypted by the server digital processing system using a system level encryption (SLE) key). 

A protocol decryption engine interfaced with the browser and operable to override the distinct 
confirmation requirement upon decryption and validation of the encrypted protocol. (Page 4, paragraph 
45, when a document is secured using the common security model, the server component 302 encrypts 
the document prior to downloading it, and the limited user browser 312 decrypts the data for viewing 
only). Further Howard discloses, (page 4, paragraph 42, when the user request 313 is received by the 
server computer 301, the server component 302 determines if a client key is associated with the request. 
If the key 314 in not present, the request is immediately rejected). 

Howard does not explicitly discloses, the confirmation function. However, on the same field of 
endeavor, Billharz teach this limitation as, (page 7-8, paragraph 85, one minute before expiration of time, 
users are prompted to confirm to continue the session, with a popup "Yes/No" window. This window 
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appears in the foreground of all other windows, and remains up for a predetermined amount of time, e.g., 
one minute. The notification text may be as follows: "Your Remote User Portal session is about to expire 
due to inactivity. Do you want to continue using the site?" If the user does not respond after one minute, 
the popup will disappear and the user will be automatically signed out. If the user selects No, the user will 
be signed out. If the user selects Yes, the timer is rest to its internal or external limit appropriately). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time of the 
invention was made, to modify the teaching of Howard and include the confirmation function using the 
teaching of Billharz. The modification would be obvious because one of ordinary skill in the art would be 
motivated to add the confirmation function for the purpose of informing the user about the status of the 
web page and to allow the user to proceed after confirming the message received from the system. 

As per claim 19, Howard in view of Billharz discloses: 

Browser is further operable to retrieve a web page having plural encrypted protocols, (page 6, 
paragraph 62, a secure document package is composed of a document manager and one or more web 
pages, each of which is encrypted with the ULE). 

The information handling system further comprising, (page 1 , paragraph 1 1 , secure information 
distribution system) 

A protocol filter interfaced with the browser and operable to identify the plural encrypted protocols 
for decrypting by the protocol decryption engine. (Page 8, paragraph 86, the server security component 
filters web client authentication, and web server request and response events). Further Howard discloses 
(Page 6, paragraph 68, each document to be protected under the common security model (block 425) is 
marked for later encryption with the system level encryption key (SLE)). 

As per claim 20, Howard in view of Billharz discloses: 

A protocol database interfaced with the protocol decryption engine and having a table of protocols 
and associated restricted functions, (Page 6, paragraph 62, to decrypt the package, it is necessary to 
know where to break up the individual pages before attempting the decrypt the file and even then 
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encryption makes the content unusable to anyone but the owner of the machine with the client registered 
with the unique ULE key). 

Conclusion 

6. The prior art made or record and not relied upon is considered pertinent to applicant's disclosure 
TITLE: Method and system for processing event-triggered transactions, US Pub. No. 2005/0289014. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally 
be reached on Mon-Fri 7:30a.m. to 5:00p.m. PST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kristine L. Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
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or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 
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